With today's launch of RSA Exchange Release R12, we are excited to share new and updated offerings to help you assess, prioritize and track your risks. The new Archer Scripts Timesheet app-pack enables RSA Archer users to enter time in a weekly view and store hours by the day for projects stored in any application within RSA Archer. Release R12 also includes the Crowe Pandemic Response app-pack that centralizes the data executives need to identify emerging risks, adapt business initiatives and care for their employees; the NTT ISMS Risk Assessment app-pack that helps you roll out and operate your ISMS and automatically define, prioritize and track risks; and the RSA Archer IIC-Aligned IoT Security Maturity Assessment app-pack that follows the Security Maturity Model framework to help you complete a security maturity assessment upon your IoT implementations to determine your current security posture and desired security outcome.

The release also includes two new integrations. The new AWS Security Hub integration allows you to view data from AWS Security Hub in RSA Archer to capture and prioritize security findings and generate findings from AWS accounts and services in a centralized location, perform configuration and compliance checks, and monitor AWS accounts for potential malicious activities and vulnerabilities. The Wolters Kluwer™ Insource® integration allows organizations in the insurance industry to automatically import the content directly into RSA Archer to monitor regulatory material and assess compliance impact.

This release is packed with many new partner offerings and updates to existing offerings.

Here is a full list of the new and updated offerings available in Release R12:

• App-Packs – pre-built applications addressing adjacent or supporting Integrated Risk Management processes (e.g. niche, industry, geo-specific)
  • Archer Scripts Timesheet enables users to quickly enter time on a weekly view and integrates with records in existing RSA Archer applications.
  • ComplyTec NERC Compliance Management has been updated to improve the user experience and to add advanced workflow to the Events application, introduced the Reliability Standard Audit Worksheet mail merge template, added calculated functionality for review Frequency and Next Review Data, and a NERC Procedure Assessment and NERC Evidence Assessment questionnaires.
  • Crowe Pandemic Response aggregates external data, including government mandates, closures, virus cases and more, and correlates it with an organization’s internal data, such as employees, vendors, customers, products and facilities. This tool centralizes the data executives need to identify emerging risks, adapt business initiatives and, most importantly, care for their employees.
  • NTT ISMS Risk Assessment extends the NTT ISMS Control Assessment app-pack and helps automatically define, prioritize and track risks.
  • RSA Archer IIC-Aligned IoT Security Maturity Assessment documents security maturity assessments and action plans to address security gaps in IoT implementations.

• Integrations - pre-built data exchange configurations bringing data into and pushing data out of the RSA Archer Platform
  • AWS Security Hub integration with RSA Archer IT Controls Assurance use case creates a centralized view for security and compliance posture across multiple AWS services or partner offerings.
  • Qualys Vulnerability Management integration with the RSA Archer IT Security Vulnerabilities Program use case has been updated to leverage the Application Managed Output Writer for JavaScript Transporter.
  • RiskRecon Own Enterprise Monitoring integration with RSA Archer IT Security and Vulnerabilities Program has been updated to support changes with JavaScript code and ingestion of RiskRecon Network Filtering issues.
  • RiskRecon Third Party Security Risk Monitoring integration has been updated to support changes in the JavaScript code and data feed and integrates with the following use cases:
    • RSA Archer Third Party Catalog
    • RSA Archer Third Party Engagement
    • RSA Archer Issues Management
  • SecurityScorecard integration with the RSA Archer Third Party Catalog use case has been updated to include enhanced data structures, automated data feeds, event log module, and triggered assessments and notifications.
  • Supply Wisdom integration with the RSA Archer Third Party Catalog use case has been updated to reduce the number of required on-demand applications, full integration with Supply Wisdom's API for automatic content updates, email notifications, and alert triage and tracking status. 
  • Thomson Reuters integration with the RSA Archer Corporate Obligations Management use case includes a number of updates.
  • Wolters Kluwer NILS™ Insource ® integration with the RSA Archer Corporate Obligations Management use case imports regulatory content for the insurance industry directly into RSA Archer. 

• Content - pre-mapped collection of best-practice policies, control standards, legal and regulatory requirements, industry standards, and assessments
  • AICPA Privacy Maturity Model provides organizations with a means of assessing their privacy program.
  • Cybersecurity Maturity Model Certification Framework (CMMC) encompasses multiple maturity levels for CyberSecurity.
  • E.U. Regulatory Technical Standards for Authentication establishes requirements for payment service providers to implement security measures.
    
  • HITRUST CSF™  rationalizes relevant regulations and standards into a single overarching security and privacy framework for organizations to manage risk and regulatory compliance.
  • Hong Kong Monetary Authority Principles of Artificial Intelligence provides guidance to the banking industry on the use of artificial intelligence (AI) applications. 
  • Hong Kong Monetary Authority E-banking Regulation provides guidance on the risk management of E-banking to Authorized Institutions (AIs).
  • Industrial Internet Consortium (IIC) IoT SMM Framework provides a framework to assess the security maturity for IoT implementations.
  • Maine - An Act To Protect the Privacy of Online Customer Information requires internet service providers in the state of Maine to get permission from their customers before selling or sharing their data with a third party.
  • Microsoft Software Development Lifecycle has been updated to 5.2 version.
  • Nevada - CHAPTER 603A – Security and Privacy of Personal Information prohibits website operators, or anyone who runs an online service, from selling certain information on a consumer to data brokers without that consumer's permission.
  • RSA Archer Third Party Pandemic Preparedness Assessment is a questionnaire used with the RSA Archer Third Party Risk Assessment use case to assess a third parties pandemic plan.
  • U.K. NCSC Cyber Assessment Framework provides a systematic and comprehensive approach to assessing the extent to which cyber risks to essential functions are being managed by the organization responsible.
  • U.K. Network and Information Systems Regulations 2018 provides legal measures aimed at boosting the overall level of security (both cyber and physical resilience) of network and information systems for the provision of essential services and digital services.
  • U.S. HHS/CDC Business Pandemic Influenza Planning Checklist provides a questionnaire developed by the U.S. Department of Health and Human Services (HHS) and the Centers for Disease Control and Prevention (CDC) to help organizations plan for a pandemic influenza.
  • U.S. Sarbanes-Oxley Master Controls has been updated to support the new RSA Archer Financial Controls Monitoring use case (formerly Controls Monitoring Program Management).

To learn more about each of these new and updated offerings, start by reviewing the Product Advisory. Also, please join me on Friday, May 29 for a Free Friday Tech Huddle for an overview of the RSA Exchange Release R12 offerings (available to customers only).

And last, but not least, there is a wealth of documentation, downloads, and more on the RSA Exchange on RSA Link.  I recommend that you bookmark the listing of all RSA Exchange offerings. And if you have new ideas for the RSA Exchange, please submit them on RSA Ideas!